Cyber-physical intrusion detection on a robotic vehicle

Transcription

1 WIFS 2015 The 7th IEEE International Workshop on Information Forensics and Security Rome, Italy, November, 2015 Cyber-physical intrusion detection on a robotic vehicle Tuan Vuong, George Loukas and Diane Gan University of Greenwich, London, UK 1

2 Look for: Hidden threat 2 Source: Internet

3 How about: Motion detection Heat map Camouflaged sniper with a rifle 3 Source: Internet

4 Our Cyber-Physical System (CPS) testbed: Computer-control: Linux laptop Control physical entities: Wheels, Batteries, Camera, Accelerometer, Network of interacting elements: Wifi, Ethernet CPS samples: Robotic vehicles Source: Wu

5 Security Challenges Hack-a-car 1 : 02/2014, Wired, $20 Windows, lights, steering, brakes Kill a jeep in highway 2 : 07/2015, Wireless Dashboard, steering, brakes, transmission 5 Spoofing and jamming a drone 3

6 6 Research aims: Aims Light-weight on-board system for robotic vehicle Cyber attack detection using both cyber and physical features. Performance metrics for intrusion detection in CPS. By type of defence Preventive Reactive Authentication Resilience Self-awareness Defence Mechanisms By degree of distribution Detection Response Centralised Distributed Security /IDS Robotic Vehicle Metrics Applying Machine Learning to Robotic Vehicle s Intrusion Detection By organisational element Cyber input Physical input Cyber-physical input Network traffic control Network reconfiguration Shut-down of services System Process Human

7 Intrusion detection approaches Year: Intrusion Detection goals 1. Common attacks 2. Light-weight 3. On-board 4. Cyber &physical features 7

8 Components Indicators Function Data Sources Encoders Sensing Robot Power Sensing PC Accelerometers Sensing Smart Phone CPU Data Control Robot Network Control Robot Disk Data Control Robot 8

9 Attacking scenarios Attacking Computers Conditions TCP traffic flood Rogue cmd STOP or LEFT Modify NET control setting Resource-demanding tasks Camera feed + legitimate cmd 9

10 Features & Labelling Data during DoS attack scenario Data collection Features: labelling (ground truth) Each has different sample rate Collected 52,215 points per feature 10

11 Framework Data preparation: 5 scenarios Cyber & physical data from different sources Feature extraction Synchronization Interpolation Labelling Prediction study design 80% for training (70% randomly) and testing (30%) 20% for validation 11

12 Machine Learning Algorithm YES Algorithm consideration: Performance Data/features: transformation Type: Binary classification NO Validation Decision Tree C5.0 using R programming language (widely used for data analysis) Transformation less important, robust to set of attributes Fast, compact when trained Simple to understand/interpret Problem: over-fitted 12

13 Evaluation: Confusion matrix Result: Confusion matrix 13

14 Receiver Operating Characteristic (ROC) Curves Result: ROC curves AUC (Area under the curve) 14

15 Detection Latency Real-time for CPS Various factors: Data collection time (gathering & measuring): different frequency per feature Preparation time: pre-processing (cleaning scaling, normalizing), interpolation, Detection accuracy: TP (true positive) vs. FN (false negative) Detection result: DL: Detection Latency FP : False Positive FN: False Negative 15

16 Conclusion and future work Conclusion: Light-weight on-board intrusion detection for robotic vehicle Four attacks and detection performance with and without physical features Performance metrics: Confusion matrix, ROC Curve, and Detection latency Future work: Improve current technique (over-fitted, time-series) More attack types (communication jamming, relay attacks..) Unknown attack, other detection methods Additional test beds 16

17 Q&A Thank you! 17